gitlab-ci: try and get deploys works

Luke Granger-Brown 2020-05-09 23:49:32 +01:00
parent 118ebf59fd
commit 91d742c1cd
7 changed files with 23 additions and 14 deletions


@ -5,6 +5,8 @@ stages:
nixCache:
stage: build
image: "nixos/nix:latest"
only:
- disabled_while_iterating
script:
- "mkdir -p ops/secrets"
- "cp ${OPS_SECRETS_DEFAULT_NIX} ops/secrets/default.nix"
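Review bot: The added `only:` entry `disabled_while_iterating` parks the nixCache job behind a ref name that presumably never exists, and nothing in the file says that this is a switch rather than a real branch filter. A comment such as `# temporarily disabled while deploys are being debugged; drop this only: block to re-enable` would make the intent explicit. If a ref with that name is ever pushed, the job runs and copies the `OPS_SECRETS_DEFAULT_NIX` file into the workspace, so renaming the job to the hidden form `.nixCache` is a less surprising way to disable it.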


@ -16,4 +16,4 @@ echo Syncing repo content to machine "$1"
rsync -e "$ssh_cmd" -avz --exclude='.hg/' ./ "deployer@$1:depot/"
echo Triggering rebuild
$ssh_cmd -t "deployer@$1" rebuilder depot/
$ssh_cmd -t "deployer@$1" rebuilder ./depot
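Review bot: The new argument `./depot` is a relative path that only works because the remote command starts in the deployer's home and that directory is kept when rebuilder re-executes itself under sudo; the script does not state this. A comment above the call, for example `# ./depot is relative to deployer's home, the directory rsync wrote to above`, would tie the two lines together. The script's opening lines, where `ssh_cmd` is set and `$1` is checked if at all, are outside the hunk.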


@ -1,6 +1,5 @@
args: {
javaws-env = import ./javaws-env.nix args;
plex-pass = import ./plex-pass.nix args;
heptapod-runner = import ./heptapod-runner.nix args;
secretsync = import ./secretsync args;
}
} // (import ./heptapod-runner.nix args)
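Review bot: Merging with `//` hides at this call site which names `heptapod-runner.nix` exports, and the right-hand side wins silently if it ever defines `secretsync` or another name already in the set. Listing the attributes keeps the file self-describing and turns a collision into an evaluation error: `inherit (import ./heptapod-runner.nix args) heptapod-runner heptapod-runner-mercurial;` inside the braces.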


@ -6,7 +6,14 @@ let
rev = "b4fda456f403";
sha256 = "1ybkd2jnq2dvkj157w2nlf9rmrgbd8kas43kimi9aarajgi9sri1";
};
wrappedMercurial = pkgs.symlinkJoin {
in
{
heptapod-runner = pkgs.gitlab-runner.overrideAttrs (oldAttrs: rec {
inherit version;
buildInputs = oldAttrs.buildInputs ++ [ pkgs.makeWrapper ];
src = newSrc;
});
heptapod-runner-mercurial = pkgs.symlinkJoin {
name = pkgs.mercurial.name;
paths = [ pkgs.mercurial ];
postBuild = ''
@ -14,12 +21,4 @@ let
cp "${newSrc}/dockerfiles/build/runner.hgrc" "$out/etc/mercurial/hgrc"
'';
};
in
pkgs.gitlab-runner.overrideAttrs (oldAttrs: rec {
inherit version;
buildInputs = oldAttrs.buildInputs ++ [ wrappedMercurial pkgs.makeWrapper ];
src = newSrc;
postInstall = ''
wrapProgram $bin/bin/gitlab-runner --prefix PATH : ${wrappedMercurial}
'';
})
}
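Review bot: `pkgs.makeWrapper` is still appended to `buildInputs` in the new `heptapod-runner` override although the `postInstall` that called `wrapProgram` has been removed, so it looks unused now; dropping the `buildInputs` line would match what the derivation actually does. The runner binary also no longer carries the Mercurial build with `runner.hgrc` on its own PATH, so each host has to install `heptapod-runner-mercurial` separately, and a comment on that attribute saying so would prevent a runner being deployed without it. The `let` bindings begin above the first hunk, so `version` and `newSrc` cannot be checked here.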


@ -44,6 +44,9 @@ in
isSystemUser = true;
uid = 1001;
hashedPassword = "NP";
useDefaultShell = true;
home = "/var/lib/deployer";
createHome = true;
openssh.authorizedKeys.keyFiles = [
../../secrets/deployer_ed25519.pub
];
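Review bot: The three added attributes (`useDefaultShell`, `home`, `createHome`) give `deployer` a login shell and a home directory that receives the synced tree, and the hunk does not record why. A comment such as `# shell and home are needed for rsync-over-ssh deploys into ~/depot` would document it. Because the synced repository appears to include `ops/secrets`, it is worth confirming that `createHome` leaves `/var/lib/deployer` readable by its owner only. The key file listed below carries no restricting options in this hunk, so the private half should be treated as a credential that can trigger a system rebuild; the user block starts and ends outside the hunk.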


@ -5,10 +5,12 @@ pkgs.writeShellScriptBin "rebuilder" ''
exec sudo "$0" "$@"
fi
DEPOT_PATH="''${1:-<depot>}"
export AWS_ACCESS_KEY_ID="${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}"
export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}"
system="$(nix-build -E '(import <depot> {}).ops.nixos.${system}' --no-out-link)"
system="$(nix-build -E "(import $DEPOT_PATH {}).ops.nixos.${system}" --no-out-link)"
nix-env -p /nix/var/nix/profiles/system --set "$system"
"$system/bin/switch-to-configuration" switch
''
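Review bot: `$DEPOT_PATH` is spliced unquoted into the expression given to `nix-build -E`, so the caller's first argument is parsed as Nix source rather than as a path, and this happens after the script has re-executed itself under sudo. A value that is not a path literal (no `/`, or containing spaces or parentheses) either fails to parse or evaluates to something other than the intended import. Passing the location through the search path keeps the expression constant: `nix-build ''${1:+-I "depot=$1"} -E '(import <depot> {}).ops.nixos.${system}' --no-out-link`, with the handling of a relative path by `-I` to be confirmed. The start of the script, including the sudo re-exec condition, is outside the hunk.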


@ -189,6 +189,10 @@ in {
chown -R gitlab-runner:nogroup /srv/gitlab-runner/.ssh
chmod -R u=rwX,go= /srv/gitlab-runner/.ssh
'';
environment.systemPackages = with pkgs; [
vim rxvt_unicode.terminfo
depot.nix.pkgs.heptapod-runner-mercurial
];
};
};